For years, Kyle Milliken and his cybercriminal associates used stolen credentials to break into user accounts throughout the internet. The process begins when a hacker such as Milliken steals passwords from a vulnerable database — in his case, he acquired 17.5 million login credentials from Disqus, 5.2 million records from Kickstarter, and 1.7 million from Imgur.
Milliken would then access these users’ email inboxes and social media accounts to post promotional spam. Of course, this only worked if the users had reused the same password across accounts, but it turns out this is a very common practice.
“The reuse of login credentials in my opinion is the greatest security flaw that we have today,” Milliken said. “When I was hacking, I had my own personal collection of databases that I could easily search for a company’s email and parse all of the data.”
“Now that there are billions of records leaked from thousands of websites, it’s even easier for anyone to breach almost any company or website out there.”
When it comes to business networks, all it takes is one employee who recycles a password, and a hacker can potentially gain access to whatever they want.
Strong, unique passwords have long been advocated by cybersecurity experts, but many users are still dragging their feet. One of the major concerns cited is the sheer number of passwords that we use every day. How can we be expected to remember so many unique passwords, especially when they’re supposed to be complex combinations of letters, numbers, and symbols?
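The two checks a defender can run against exactly the reuse problem described above are (a) flagging a password that appears in a known leak and (b) flagging a password that the same person uses on more than one site. The Go program below is an added example, not code from the article or from any service it names. The leaked-password corpus and the user's vault contents are constructed for the example; the lookup mirrors the "range query" pattern, where only the first five hex characters of the SHA-1 hash leave the client, so a breach-check service never sees the candidate password.

```go
package main

import (
	"crypto/sha1"
	"encoding/hex"
	"fmt"
	"strings"
)

// Credential is one stored login. The type and all sample data below are
// constructed for this example.
type Credential struct {
	Site, User, Password string
}

// sha1Hex returns the upper-case hex SHA-1 of s. SHA-1 is used here only as
// the key format of leaked-password range queries, never for storing passwords.
func sha1Hex(s string) string {
	sum := sha1.Sum([]byte(s))
	return strings.ToUpper(hex.EncodeToString(sum[:]))
}

// BuildBreachIndex hashes leaked passwords and buckets them by the first five
// hex characters of the hash. A client checking a candidate password reveals
// only those five characters and compares the rest of the hash locally.
func BuildBreachIndex(leaked []string) map[string][]string {
	index := make(map[string][]string)
	for _, pw := range leaked {
		h := sha1Hex(pw)
		index[h[:5]] = append(index[h[:5]], h[5:])
	}
	return index
}

// IsBreached models both sides of the range query: fetch the bucket for the
// prefix, then look for the remaining 35 hex characters in it.
func IsBreached(index map[string][]string, password string) bool {
	h := sha1Hex(password)
	for _, suffix := range index[h[:5]] {
		if suffix == h[5:] {
			return true
		}
	}
	return false
}

// FindReused groups the sites that share one password. This is the audit a
// password manager runs over an unlocked vault, so it works on plaintext.
func FindReused(creds []Credential) map[string][]string {
	bySecret := make(map[string][]string)
	for _, c := range creds {
		bySecret[c.Password] = append(bySecret[c.Password], c.Site)
	}
	reused := make(map[string][]string)
	for pw, sites := range bySecret {
		if len(sites) > 1 {
			reused[pw] = sites
		}
	}
	return reused
}

func main() {
	// Constructed stand-in for a leaked-password corpus.
	index := BuildBreachIndex([]string{"123456", "password", "qwerty", "letmein"})

	// Constructed vault contents for one user: one password on three sites,
	// and one password that is in the leak corpus.
	vault := []Credential{
		{"mail.example", "alice", "Winter2019!"},
		{"forum.example", "alice", "Winter2019!"},
		{"shop.example", "alice", "Winter2019!"},
		{"bank.example", "alice", "password"},
	}
	for _, sites := range FindReused(vault) {
		fmt.Printf("one password reused on %d sites: %s\n", len(sites), strings.Join(sites, ", "))
	}
	for _, c := range vault {
		if IsBreached(index, c.Password) {
			fmt.Printf("%s: password appears in a known leak, change it\n", c.Site)
		}
	}
}
```

The reuse audit is what lets a user act before a breach of one site turns into a takeover of the others; the breach check is what a signup or password-change form should run so that a password already sitting in someone's "personal collection of databases" is rejected up front.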
Password Managers Save the Day
A secure and easy-to-use password manager can manage your login credentials, keeping your passwords safe and automatically filling in forms and syncing your data across devices. They even remove the need to come up with — much less memorize — complicated passwords that are difficult to crack.
A password manager is an encrypted digital vault for the login information you use to access websites, social media, email, and other services. With just one master password — or in some cases a PIN or even your fingerprint — you can autofill a login form or password field. No need to memorize or (gasp!) write down your passwords.
And password managers don’t need to be expensive. For example, the free version of LastPass gives you the ability to store passwords, user login info and credentials and sync all of it wherever you want — across desktop, mobile and browsers.
What Else Can You Do to Protect Your Accounts?
Milliken made it clear that there was one security feature that made his hacking career much harder: two-factor authentication. The former black-hat hacker states that he “despised” 2FA because it could stop him in his tracks.
The three largest email providers — Microsoft, Google, and Yahoo — have added two-factor authentication as a security feature, as have many other software companies who want to protect their users. To better protect your accounts, be sure to activate this feature when prompted or go into your security settings and activate 2FA manually.
Without a doubt, the ransomwire crisis is going to get a lot worse, and hackers aren’t going anywhere. It’s more important than ever for users to take a personal stake in their cybersecurity, and for business owners to enforce internal cybersecurity policies. Such policies should include strong password requirements and the use of two-factor authentication when applicable.